System and method of monitoring and controlling application files (Patent No. 8645340)
Inventor: Kester, et al.
Date Issued: February 4, 2014
Primary Examiner: Fleurantin; Jean B
Assistant Examiner: Ly; Anh
Attorney Or Agent: Knobbe, Martens, Olson & Bear, LLP
U.S. Class: 707/694; 707/695; 707/783; 707/786; 709/203; 709/223; 709/224; 709/225; 713/165; 713/187; 713/193; 726/22; 726/24; 726/25
Field Of Search: 707/694; 707/695; 707/783; 707/786; 707/E17.102; 709/203; 709/217; 709/221; 709/222; 709/223; 709/224; 709/225; 713/187; 713/188; 713/189; 713/191; 713/193; 713/165; 713/201; 726/22; 726/24; 726/25
International Class: G06F 17/00
Foreign Patent Documents: 0 658 837; 1130495; 1 280 040; 1 638 016; WO 92/19054; WO 96/05549; WO 96/42041; WO 01/24012; WO 01/33371; WO 01/55873; WO 01/55905; WO 01/63835; WO 2005/099340
Other References: Jim Basney and Miron Livny, "Improving Goodput by Coscheduling CPU and Network Capacity", The International Journal of High Performance Computing Applications, vol. 13, No. 3, Fall 1999, pp. 220-230. cited by examiner.
Gregory Rose, Huoy Khoo, and Detmar W. Straub--"Current Technological Impediments to Business-To-Consumer Electronic Commerce"--Communications of AIS vol. 1, Issue 5, Article Jun. 1999--(pp. 1-76). cited by examiner.
Ang, P. H. et al., "Censorship and the Internet: A Singapore Perspective", Communications of the Association for Computing Machinery, Jun. 1, 1995, vol. 39, Issue 6, pp. 72-78, New York, NY. cited by applicant.
Dahan, M. Ed., "The Internet and government censorship: the case of the Israeli secret service", Online Information, Proceedings of the International Online Information Meeting, Oxford, Learned Information, GB, Dec. 12-14, 1989, vol. Meeting 13, December, Issue XP000601363, pp. 41-48, Sections 1, 3, London. cited by applicant.
Igakura, Tomohiro et al., "Specific quality measurement and control of the service-oriented networking application", Technical Report of IEICE, IEICE Association, Jan. 18, 2002, vol. 101, Issue 563, pp. 51-56, Japan. cited by applicant.
Resnick, P. et al., "PICS: Internet Access Controls Without Censorship", Communications of the Association for Computing Machinery ACM, Oct. 1, 1996, vol. 39, Issue 10, pp. 87-93, New York, NY. cited by applicant.
Williams, R., Data Integrity with Veracity, Retrieved from the Internet: <URL:ftp://ftp.rocksoft.com/clients/rocksoft/papers/vercty10.ps>, Sep. 12, 1994. cited by applicant.
Sandhu, et al., Access Control: Principles and Practice, IEEE Communications Magazine, pp. 40-48, Sep. 1994. cited by applicant.
C. L. Schuba and E. H. Spafford. Countering abuse of name-based authentication. In 22nd Annual Telecommunications Policy Research Conference, 21 pp., 1996. cited by applicant.
SurfControl plc, SuperScout Web Filter Reviewer's Guide, 36 pp., 2002. cited by applicant.
Yialelis, et al., Role-Based Security for Distributed Object Systems, Proceedings of the IEEE Fifth Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE '96), 6 pp., Jun. 19-21, 1996. cited by applicant.
Supplementary European Search Report for EPO App. No. 00 90 7076, mailed May 18, 2004. cited by applicant.
Roberts-Witt, S., The 1999 Utility Guide: Corporate Filtering, PC Magazine Online, Apr. 5, 1999, pp. 1-11. cited by applicant.
Sequel Technology, Inc., Sequel and Surfwatch Partner to Provide Innovative Internet Resource Management Tools for Large Enterprises, Internet, Online!, Feb. 25, 1999, pp. 1-3. cited by applicant.
SurfWatch Software, SurfWatch.RTM. Professional Edition: Product Overview, Internet, Online!, May 26, 1999, p. 1. cited by applicant.
Newman, H., A Look at Some Popular Filtering Systems, Internet, Online, Jul. 25, 1999, pp. 1-11. cited by applicant.
Secure Computing Corporation, SmartFilter.TM. Web Tool, Dec. 1, 1998, pp. 1-2. cited by applicant.
European Search Report for Application No. 02258462.7, mailed Jan. 30, 2006. cited by applicant.
PCT Search Report for Application No. PCT/US2006/018823, mailed Sep. 25, 2006. cited by applicant.
IronPort Web Reputation White Paper, A Comprehensive, Proactive Approach to Web-Based Threats, Ironport Systems, 2009, pp. 10. cited by applicant.
IronPort Web Reputation: Protect and Defend Against URL-Based Threats; Ironport Systems, Apr. 2006, 8 pages. cited by applicant.
Jiang et al., Towards Junking the PBX: Deploying IP Telephony, NOSSDAV'01 Proceedings of the 11th International Workshop on Network and Operating Systems Support for Digital Audio and Video, Jun. 25-28, 2001, pp. 177-185, New York. cited by applicant.
Ong et al., Unicorn: Voluntary Computing over Internet, ACM SIGOPS Operating Systems Review, vol. 36, Issue 2, Apr. 2002, pp. 36-51. cited by applicant.
Schmid et al., Protecting Data from Malicious Software, IEEE; Proceedings of the 18th Annual Computer Security Applications Conference, 2002. cited by applicant.
Abstract: A system and method for updating, monitoring, and controlling applications on a workstation. The workstation includes a workstation management module configured to detect the launch or request to access a network by an application. A workstation application server receives data associated with the application from the workstation. The application server module can determine one or more policies or categories to associate with the application by referencing an application inventory database. Once the application server module has the category or policy, it forwards a hash/policy table to the workstation management module. Upon receipt of the hash/policy table, the workstation management module applies the policy that is associated with the application to control network access by the application.
Claim: What is claimed is:

1. A system, including one or more processors, for collecting network access data for use in updating a monitoring system which controls programs accessing a network, comprising: a workstation management module configured to detect a program on a workstation accessing a network, determine whether the program is in a network access database, send program data associated with the program to an application server module if the program is not in the network access database, and apply one or more policies that are associated with the program, wherein the network access database includes a protocol that is associated with the program; the application server module being configured to receive the program data from the workstation management module if the program was not in the network access database, determine whether the program is operating in a predetermined manner, wherein said predetermined manner means the program is operating in a manner determined by past network activity involving the same or relevant programs, if the program is not operating in a predetermined manner, then send the program data to an application database factory, if the program is operating in a predetermined manner, then provide the one or more policies associated with the program to the workstation management module, wherein the application server module is further configured to analyze the program data for a data characteristic that is indicative of whether the program is operating in the predetermined manner, and to associate one or more indicators with the program; and wherein analyzing the program data is performed on text strings that are associated with the program; a classification user interface configured to provide an interface for a network administrator to select the one or more policies that are associated with the program; and an upload/download manager module configured to send the program data to the application database factory and to receive the one or more policies from the application database factory.

2. The system of claim 1 wherein the application database factory is configured to receive the program data from the application server module if the program is not operating in a predetermined manner, determine whether the program was previously analyzed by the application database factory, if the program was not previously analyzed, then determine one or more policies to associate with the program and provide the one or more policies to the application server module, if the program was previously analyzed, then provide the one or more policies that were previously associated with the program data to the application server module.

3. The system of claim 1, wherein the protocol is a transport protocol.

4. The system of claim 3, wherein the transport protocol is transmission control protocol (TCP).

5. The system of claim 3, wherein the transport protocol is user database protocol (UDP).

6. The system of claim 1, wherein the network access database comprises hash values.

7. The system of claim 1, wherein the network access database comprises one or more categories and one or more policies associated with the program.

8. The system of claim 1, wherein the workstation management module comprises an application digest generator configured to determine the program data to associate with the program.

9. The system of claim 1, wherein the program data includes a source IP address.

10. The system of claim 1, wherein the program data includes a destination IP address.

11. The system of claim 1, wherein the one or more policies include allowing the program to access the network based on the one or more policies associated with the program and the user.

12. The system of claim 1, wherein the one or more policies include not allowing the program to access the network based on the one or more policies associated with the program and the user.

13. A system, including one or more processors, for collecting network access data for use in updating a monitoring system which controls a program on a computer from accessing a network based at least in part on information collected from another computer over the network, the system comprising: a first workstation management module configured to detect a program on a first workstation accessing a network, determine whether the program is in a first network access database, send program data associated with the program to an application server module if the program is not in the first network access database, and apply one or more policies that are associated with the program; the application server module being configured to receive the program data from the first workstation management module if the program was not in the first network access database, determine whether the program is operating in a predetermined manner, wherein said predetermined manner means the program is operating in a manner determined by past network activity involving the same or relevant programs, if the program is not operating in a predetermined manner, then send the program data to an application database factory, if the program is operating in a predetermined manner, then provide the one or more policies associated with the program to at least a second workstation; wherein the application server module is further configured to analyze the program data for a data characteristic that is indicative of whether the program is operating in the predetermined manner, and to associate one or more indicators with the program; and wherein analyzing the program data is performed on text strings that are associated with the program; and a second workstation management module being configured to receive the one or more policies from the application server module and update a second network access database resident on the second workstation.

14. The system of claim 13, wherein the one or more indicators includes a category flag.

15. The system of claim 13, wherein the application server module uses the one or more indicators to screen the program prior to sending the program data to the application database factory.

16. A system, including one or more processors, for collecting network access data for use in updating a monitoring system which controls programs accessing a network, comprising: a workstation management module configured to detect a program on a workstation accessing a network, determine whether the program is in a network access database, send program data associated with the program to an application server module if the program is not in the network access database, and apply one or more policies that are associated with the program, wherein the network access database includes a protocol that is associated with the program; the application server module being configured to receive the program data from the workstation management module if the program was not in the network access database, analyze the program data for a data characteristic that is indicative of whether the program is operating in a predetermined manner and to associate one or more indicators with the program, wherein said predetermined manner means the program is operating in a manner determined by past network activity involving the same or relevant programs, if the program is not operating in a predetermined manner, then send the program data and the data characteristic to an application database factory, if the program is operating in a predetermined manner, then provide the one or more policies associated with the program to the workstation management module; and wherein the application server module is further configured to analyze the program data for a data characteristic that is indicative of whether the program is operating in the predetermined manner, and to associate one or more indicators with the program; and wherein analyzing the program data is performed on text strings that are associated with the program.

17. The system of claim 16, wherein the one or more indicators includes a category flag.
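The flow the abstract and claims describe, modelled as an added Python example (not code from the patent or its assignee): the workstation management module hashes the program and consults its local hash/policy table; on a miss it sends the program data (hash plus extracted text strings) to the application server module, which answers from its inventory, classifies the program from its text strings when they match known behaviour, or otherwise queues it for the application database factory while the workstation fails closed and keeps re-asking. The sample binaries, the string heuristic, the policy fields and all class and function names are constructed assumptions.

```python
import hashlib
import re
from dataclasses import dataclass
# Constructed stand-ins for executables on a workstation (not real programs).
UPDATER_BIN = b"MZ\x90\x00\x03\x00 ACME Update Agent v1.2 \x00\x00 https://updates.example \x00"
UNKNOWN_BIN = b"\x7fELF\x02\x01 constructed blob, no recognizable strings \x00"

@dataclass(frozen=True)
class Policy:
    category: str
    allow: bool
    protocols: frozenset = frozenset({"TCP", "UDP"})

DENY_UNCATEGORIZED = Policy("uncategorized", allow=False, protocols=frozenset())
class ApplicationServer:
    """Server module: hash -> policy via its inventory; unknown hashes are classified from text strings or queued."""
    def __init__(self):
        self.inventory = {}        # application inventory database (hash -> Policy)
        self.factory_queue = []    # program data awaiting factory analysis / admin classification

    def lookup(self, digest, strings):
        if digest in self.inventory:
            return self.inventory[digest]
        if any(s.startswith("http") for s in strings) and "update" in " ".join(strings).lower():
            # text strings match a known behaviour class: a self-updater speaking HTTP(S) over TCP
            self.inventory[digest] = Policy("software-updater", True, frozenset({"TCP"}))
            return self.inventory[digest]
        self.factory_queue.append((digest, strings))   # not operating in a predetermined manner
        return DENY_UNCATEGORIZED

class WorkstationManager:
    def __init__(self, server):
        self.server = server
        self.network_access_db = {}   # local hash/policy table

    @staticmethod
    def program_data(blob):
        # the hash identifies the binary; printable strings (>= 6 chars) are what the server analyzes
        digest = hashlib.sha256(blob).hexdigest()
        strings = [m.decode().strip() for m in re.findall(rb"[ -~]{6,}", blob)]
        return digest, strings

    def on_network_access(self, blob, protocol):
        # called when a program opens a socket; returns True only if the cached/served policy permits it
        digest, strings = self.program_data(blob)
        policy = self.network_access_db.get(digest)
        if policy is None or policy is DENY_UNCATEGORIZED:   # keep asking until categorized
            policy = self.server.lookup(digest, strings)
            self.network_access_db[digest] = policy
        return policy.allow and protocol in policy.protocols
```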